Inactive PC performance and stability analysis virus -- logs posted

mik1680

I am pasting the logs from the instructions listed on this post: www.techspot.com/VB/topic58138.html

1. Malwarebytes
2. GMER Log
3. DDS Logs - both DDS.txt and Attach.txt

I have a term paper due tomorrow that I cannot access now because this virus has either hidden or deleted all of my files. I would be incredibly appreciative of any help you guys can offer.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Reboot Remedy :: REBOOTREMEDY-PC [administrator]

Protection: Disabled

3/17/2012 10:18:01 AM
mbam-log-2012-03-17 (10-18-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232887
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Detected: 1
C:\ProgramData\YFJDscKybEK.exe (Trojan.FakeHDD) -> 2740 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YFJDscKybEK.exe (Trojan.FakeHDD) -> Data: C:\ProgramData\YFJDscKybEK.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\YFJDscKybEK.exe (Trojan.FakeHDD) -> Delete on reboot.
C:\Users\Reboot Remedy\AppData\Local\Temp\Temp1_fkeylogger.zip\setup.exe (PUP.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-17 11:51:44
Windows 6.1.7601 Service Pack 1
Running: tevosy2x.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2b8f86
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2b8f86 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v2.0.50727_64\index767.dat 0 bytes
File C:\Windows\assembly\NativeImages_v2.0.50727_64\index768.dat 0 bytes

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Reboot Remedy at 11:58:43 on 2012-03-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.737 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\FK_Monitor\freeklogger.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512193119.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [freeklogger.exe] C:\Program Files (x86)\FK_Monitor\freeklogger.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\242486F6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\34A42237 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\368616E696B616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512193119.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-17 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-27 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-27 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0020311328329218mcinstcleanup;McAfee Application Installer Cleanup (0020311328329218);C:\Windows\TEMP\002031~1.EXE -cleanup -nolog --> C:\Windows\TEMP\002031~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-17 15:39:06 20480 ----a-w- C:\Windows\svchost.exe
2012-03-17 15:15:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-17 14:42:00 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{178A0B08-4472-46DF-95EA-BE0650BCEE68}
2012-03-17 14:41:39 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{546F550F-0D46-4E72-A894-D39356F4D202}
2012-03-17 05:32:50 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{668A8AB4-5B38-4BC9-9890-CFECB36D3EC4}
2012-03-17 05:32:07 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{767D7125-2E22-4E91-8F02-0241730E37A3}
2012-03-16 22:59:51 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Roaming\Malwarebytes
2012-03-16 22:59:34 -------- d--h--w- C:\ProgramData\Malwarebytes
2012-03-16 22:59:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-16 18:14:46 -------- d--h--w- C:\ab48433134b45195adbb05d7
2012-03-16 17:25:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{B14775E8-0951-4782-9550-5D64AC6B8DD2}
2012-03-16 17:25:02 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{3CF4428D-B62F-4E9A-98EA-105D80AC29D1}
2012-03-16 17:20:15 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{44E445B2-9D7A-42E7-9A76-32F74A6A130A}
2012-03-15 22:40:44 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-03-15 22:40:44 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-03-15 22:40:41 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-15 22:38:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-15 22:38:52 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-15 17:27:44 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{63449660-50FC-4280-AA30-75A094866870}
2012-03-15 17:27:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{95136510-3888-4DA3-90F5-ABE48E49762F}
2012-03-15 17:04:07 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F9830C86-12B7-4FBC-9D65-0A309E28DF2D}
2012-03-15 17:03:36 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-14 18:15:26 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{BC060CAA-7DA1-477A-9674-33C514C44140}
2012-03-13 20:23:58 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{A862CE5B-B093-475F-B471-9412BC7EAA94}
2012-03-13 20:23:44 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{0876678A-D4E7-40BE-80A9-EC16B1A703FE}
2012-03-13 19:30:38 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{FC55AB2C-270B-49B1-AB0F-42A3BDD90F64}
2012-03-08 14:07:48 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F44EFBBE-BC43-4455-A384-BA8F7F512B22}
2012-03-07 19:43:53 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{96B21DCA-E3DB-4C3E-8806-469FBE973963}
2012-03-06 23:49:45 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F0363EFE-D3F2-48C1-8B7E-3156A427E3AB}
2012-03-04 01:45:04 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{D89A1438-982F-4004-B4CE-A1E77AB34AC6}
2012-03-03 06:05:59 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{EE2B4266-8803-4020-843A-95A52691A214}
2012-03-01 21:44:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{9B2EE968-B06B-4059-9717-7DDD080FCDD9}
2012-03-01 01:29:42 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{AC7DB1D4-0D9C-4F20-8D25-F754483AE74C}
2012-02-28 20:35:13 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{E0B4F546-DCC1-4397-AF93-4226CF1895A6}
2012-02-27 20:58:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{2E61D699-C7E8-448C-A4D2-61129A6B1F69}
2012-02-26 16:23:53 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{1CFA7C3C-560E-4888-8D15-5D5EFA631B12}
2012-02-24 20:57:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{7A969F40-1034-4F3A-89F6-914C9F82662F}
2012-02-23 21:01:06 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{BE8987AC-9953-448F-BAD7-A70437D39150}
2012-02-23 00:06:51 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{CEF2DAE4-461E-4240-89D7-67B2FA0551AB}
2012-02-23 00:06:36 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{DC788E81-D031-404F-92AB-212E3C61D884}
2012-02-20 20:24:48 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{55E776F0-96CE-4239-AFDD-290C47401512}
2012-02-19 21:20:18 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{8F7066C6-A5C0-492F-A8AA-2C7C34595887}
2012-02-18 15:04:36 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{558EC69F-EF01-4A75-AD55-EECD3E28BEDE}
2012-02-18 02:48:25 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{3A1018F4-BF97-41BC-8717-0DA00DC35436}
2012-02-18 02:48:00 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{A05FF30F-8291-4CCB-B67A-60DE8354ED60}
2012-02-17 15:01:31 -------- d--h--w- C:\ProgramData\100
2012-02-17 15:01:30 -------- d-----w- C:\Program Files (x86)\BFlix
2012-02-17 15:00:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\Babylon
2012-02-17 15:00:20 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Roaming\Babylon
2012-02-17 15:00:20 -------- d--h--w- C:\ProgramData\Babylon
2012-02-17 14:59:35 -------- d--h--w- C:\ProgramData\InstallMate
2012-02-17 14:46:40 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
.
==================== Find3M ====================
.
2012-01-20 01:22:45 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:01:05.07 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/2/2011 9:39:10 AM
System Uptime: 3/17/2012 10:37:05 AM (2 hours ago)
.
Motherboard: Quanta | | 30D0
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 179.562 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0447&SUBSYS_30CF103C&REV_A1\3&2411E6FE&1&0B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0447&SUBSYS_30CF103C&REV_A1\3&2411E6FE&1&0B
Service:
.
==== System Restore Points ===================
.
RP106: 2/1/2012 6:15:32 PM - Windows Update
RP107: 2/16/2012 6:22:54 AM - Windows Update
RP108: 3/15/2012 12:07:12 PM - Windows Update
RP109: 3/16/2012 12:29:27 PM - Windows Update
RP110: 3/16/2012 3:03:47 PM - Windows Update
RP111: 3/17/2012 9:55:11 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
AoA DVD Ripper
Apple Application Support
Apple Software Update
ArcGIS Desktop 10
ArcGIS License Manager 10
ArcSoft MediaImpression for Kodak
Ask Toolbar
Avery Wizard 4.0
Bing Bar
D3DX10
Data Interoperability Extension
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Internet Security
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
QuickTime
RICOH Media Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
System Requirements Lab
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid 1.2.2 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/17/2012 9:52:29 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/17/2012 11:58:25 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
3/17/2012 11:58:25 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
3/17/2012 11:58:25 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
3/16/2012 7:27:41 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/16/2012 7:26:11 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Windows Modules Installer service to connect.
3/16/2012 7:26:11 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2012 7:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
3/16/2012 7:18:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
3/16/2012 2:44:32 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/16/2012 12:41:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2621440).
3/16/2012 1:14:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
3/16/2012 1:12:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2665364).
3/16/2012 1:06:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
3/15/2012 3:41:14 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
3/15/2012 12:13:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2641653).
.
==== End Of File ===========================
 
Okay, I know you're in a panic, but don't bump a thread after an hour!!

Emergency fix only:
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note 1: This does not remove the malware- only the attribute causing the 'missing' problem. So it is important for you to continue.
Note 2: If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners

I can't finish you up by morning (Sunday??) but this might help you view the file you need for now.
 
Okay, if you're in, let's go ahead with the malware removal:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
========================================
This malware is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer and you need their program to fix it.
  • It will display numerous error messages when you attempt to launch programs or delete files.
  • It will scan your computer, which will then find a variety of errors that it states it cannot fix until you purchase the program. so-called defragment tool.
  • Folder, icons, programs may appear to be missing their content.
  • It may terminate a program you launch stating that "the program or hard drive is corrupted".
  • The messages that you will see when you attempt to run a program are:
    • Hard Drive Failure
    • System ot Critical Error
    • Closing these messages will then bring 'notice' of Windows Recovery Diagnostics and/or Fix Disk
  • When running it will also display fake alerts from your Windows taskbar of various "Critical Errors" and other fake warnings.
  • The malware may prevent downloads directly to the infected computer. In that case, programs can be loaded onto a flash drive, then transferred to the problem system to run.
  • Run RKill> Download from the iExplore.exe download link and save to the desktop.
    • Double click the iExplore.exe icon to run
    • If you cannot find the icon, do as follows:
    • Win XP: Click on Start> Run> type in %userprofile%\desktop\iexplore.exe> OK
    • Win Vista/Win 7: Click on Start> type in Search Field %userprofile%\desktop\iexplore.exe> Enter
    • Be patient> a black window will automatically close when finished
    • If you get a message that RKill is an infection, leave the warning and run RKill again.
    Important: Do not reboot your computer after running RKill as the malware programs will start again.
  • Update and rescan with Malwarebytes using Perform Full Scan this time.
  • Make sure programs are updated to the most current version. This malware frequently uses an exploit in an outdated program. Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    • Adobe Reader: Adobe Reader Update
    • Java(TM): Java Updates
    Uninstall any earlier versions of both as they are vulnerabilities for the system.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    • Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    • Double click on the desktop icon to run.
    • After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Let me know the status after completing the above- please leave logs for Combofix, Mbam Full Scan and Eset online scan in your next reply.

If you have any problems with any of the programs or any remaining system problems, please explain them as precisely as possible.
======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    • Don't follow directions given to someone else
    • Don't use any other cleaning programs or scans while I'm helping you.
    • Don't use a Registry cleaner or make any changes in the Registry.
    • Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
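The cleanup above leans on the autostart entries that ComboFix lists under "Reg Loading Points": a scareware of this kind survives a reboot through a Run value pointing at a dropped executable, usually somewhere under ProgramData, a user profile or temp. As an added example for readers of this thread (it is not code from the helper, from ComboFix, Malwarebytes or RKill), here is a small Python parser that pulls the Run entries out of a ComboFix-style log and flags the ones a responder would look at first: binaries launched from outside Program Files and the system directories, and a file carrying the name svchost.exe anywhere other than system32 or SysWOW64. The directory allowlist, the sample log text and the flagged names are constructed for the example.

```python
"""Triage of Run-key entries from a ComboFix-style 'Reg Loading Points' block.

Added example for this thread; it is not ComboFix, Malwarebytes or RKill code.
The log format is the one ComboFix prints:

    [HKEY_...\\CurrentVersion\\Run]
    "name"="c:\\path\\to\\file.exe" [2012-01-31 17147528]
    .

Entries are flagged when the executable sits outside the usual program
directories (ProgramData, a user profile, temp, the Windows root) or when a
file carries a core system binary's name (svchost.exe) outside system32.
The allowlist and the sample log below are constructed for the example.
"""
import re
from dataclasses import dataclass, field

# A key header that ends in \Run, e.g. [HKEY_CURRENT_USER\...\CurrentVersion\Run]
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
# "name"="path" [yyyy-mm-dd size]   (the trailing stamp is optional)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<stamp>[^\]]*)\])?')

# Constructed allowlist: where a legitimate autostart binary is expected to live.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)
# The real svchost.exe lives only here; a copy anywhere else is worth a look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    stamp: str
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text: str) -> list:
    """Collect every value listed under a ...\\Run key in the log."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line == "." or line.startswith("["):
            current_key = None  # separator or a different key: the Run block is over
            continue
        if current_key is None:
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(RunEntry(current_key, m["name"], m["path"], m["stamp"] or ""))
    return entries


def assess(entry: RunEntry) -> list:
    """Return the reasons an entry deserves attention (empty list = nothing unusual)."""
    p = entry.path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if not p.startswith(TRUSTED_PREFIXES):
        reasons.append("executable outside Program Files / system directories")
    if base == "svchost.exe" and not p.startswith(SYSTEM_DIRS):
        reasons.append("system binary name in non-system directory")
    return reasons


def triage(log_text: str) -> list:
    """Parse the log and return only the entries with at least one reason."""
    flagged = []
    for entry in parse_run_entries(log_text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Constructed sample in ComboFix's format; the paths and names are made up.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Skype"="c:\\program files (x86)\\Skype\\Phone\\Skype.exe" [2012-01-31 17147528]
"Updater"="c:\\users\\victim\\AppData\\Local\\Temp\\updater.exe" [2012-03-15 51200]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]
"mcui_exe"="c:\\program files\\McAfee.com\\Agent\\mcagent.exe" [2011-06-28 1486392]
"AbCdEfGhIjK.exe"="c:\\programdata\\AbCdEfGhIjK.exe" [2012-03-15 1234567]
"svchost"="c:\\windows\\svchost.exe" [2009-07-14 20480]
.
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name:18} {e.path}\n    {'; '.join(e.reasons)}")
```

Paste a real ComboFix log into `triage()` and it returns only the entries that fail the allowlist; everything under Program Files or system32 is dropped so the list stays short. The allowlist is deliberately strict rather than clever: an entry it flags still needs a human to decide whether it is a dropper or merely an oddly installed updater, which is the same judgement the helper makes by hand on the posted log.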
 
My apologies for bumping the thread too soon. I was a bit desperate.

Thank you so much for your reply.

To update you, I followed the instructions as listed, however, after initially running Combofix, my computer crashed. After rebooting it, I ran Combofix again. The log from the 2nd run is attached. Also, the computer froze prior to completing the first ESET Scan, I rescanned again after rebooting the computer, so the results of the 2nd scan are also attached here.



ComboFix 12-03-17.01 - Reboot Remedy 03/17/2012 23:30:58.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1038 [GMT -5:00]
Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 15:39 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-16 18:14 . 2012-03-16 18:14 -------- d-----w- C:\ab48433134b45195adbb05d7
2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
2012-03-15 17:03 . 2012-03-15 17:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-02-17 15:01 . 2012-03-15 19:00 -------- d-----w- c:\program files (x86)\BFlix
2012-02-17 15:00 . 2012-03-17 17:21 -------- d-----w- c:\users\Reboot Remedy\AppData\Local\Babylon
2012-02-17 15:00 . 2012-02-17 15:00 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Babylon
2012-02-17 15:00 . 2012-02-17 15:00 -------- d-----w- c:\programdata\Babylon
2012-02-17 14:59 . 2012-02-17 15:01 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_04.18.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-16 17:33 . 2012-03-18 04:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-16 17:33 . 2012-03-16 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-15 17:03 . 2012-03-16 17:24 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-15 17:03 . 2012-03-18 04:22 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:10 . 2012-03-18 04:23 42538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-02 15:42 . 2012-03-18 04:23 13572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
+ 2011-02-24 19:37 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-18 04:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-02-24 19:37 . 2012-03-18 04:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 19:37 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-24 19:37 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 23:26 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 23:26 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-17 15:37 . 2012-03-18 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-17 15:37 . 2012-03-18 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-05 21:02 . 2012-03-18 03:59 360448 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-03-05 21:02 . 2012-03-18 04:27 360448 c:\windows\Temp\History\History.IE5\index.dat
- 2011-03-05 21:02 . 2012-03-18 03:59 163840 c:\windows\Temp\Cookies\index.dat
+ 2011-03-05 21:02 . 2012-03-18 04:27 163840 c:\windows\Temp\Cookies\index.dat
+ 2011-03-05 21:02 . 2012-03-18 04:27 3309568 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"freeklogger.exe"="c:\program files (x86)\FK_Monitor\freeklogger.exe" [2011-10-13 794624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0020311328329218mcinstcleanup;McAfee Application Installer Cleanup (0020311328329218);c:\windows\TEMP\002031~1.EXE [x]
R2 0117951332004784mcinstcleanup;McAfee Application Installer Cleanup (0117951332004784);c:\windows\TEMP\011795~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-17 23:51:35
ComboFix-quarantined-files.txt 2012-03-18 04:51
ComboFix2.txt 2012-03-18 04:25
.
Pre-Run: 193,262,923,776 bytes free
Post-Run: 193,233,428,480 bytes free
.
- - End Of File - - F8A7E27BA6561708A041979C81054624


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/17/2012 at 23:58:29.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

\\.\globalroot\systemroot\svchost.exe


Rkill completed on 03/17/2012 at 23:59:05.



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Reboot Remedy :: REBOOTREMEDY-PC [administrator]

Protection: Enabled

3/18/2012 12:09:26 AM
mbam-log-2012-03-18 (00-09-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397684
Time elapsed: 2 hour(s), 18 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4504 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 Java/Exploit.Blacole.AN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 Java/Exploit.Blacole.AN trojan
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
Code:
File::
FileLook::
C:\Windows\svchost.exe
Folder::
C:\ab48433134b45195adbb05d7
C:\ProgramData\100
C:\Program Files (x86)\BFlix
C:\Users\Reboot Remedy\AppData\Local\Babylon
C:\Users\Reboot Remedy\AppData\Roaming\Babylon
C:\ProgramData\Babylon
C:\ProgramData\InstallMate
C:\Users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
==========================================
The malware in the ESET log is in the Java cache. I have cleared that in ComboFix. But you have multiple outdated Java versions:
Please update Java: Java Updates.

Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
======================================
Please run the following to remove the old Java:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important! ***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Note: Do not leave this log.
===========================================
How is the system doing now?
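As an added check (not part of this thread, ComboFix or Malwarebytes), the PowerShell script below re-tests, after the CFScript has run, for the specific items that script targeted: the rogue svchost.exe outside System32 (the "Look" section shows its version resource naming winrscmde.exe), the ApnUpdater Run value, the toolbar BHO and the listed folders. It assumes an elevated PowerShell on the same Windows 7 x64 machine and that ComboFix's "~" abbreviation stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer (an assumption).

```powershell
# Post-cleanup verification for the items targeted by the CFScript above.
# Added example; not from the thread, ComboFix or Malwarebytes.
# Assumptions: run from an elevated PowerShell on the cleaned Windows 7 x64 machine;
# ComboFix's "~" in "HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects" is
# taken to mean SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer (assumption).

$findings = @()

# 1. Rogue svchost.exe: the log's "Look" section shows c:\windows\svchost.exe whose
#    version resource reports OriginalFilename = winrscmde.exe. A genuine svchost.exe
#    lives under System32, SysWOW64 or WinSxS and reports OriginalFilename = svchost.exe,
#    so any copy elsewhere, or with another original name, is flagged.
$legitDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", "$env:SystemRoot\WinSxS")
$copies = Get-ChildItem -Path $env:SystemRoot -Filter 'svchost.exe' -Recurse -Force -ErrorAction SilentlyContinue
foreach ($file in $copies) {
    $inLegitDir = $false
    foreach ($dir in $legitDirs) {
        if ($file.FullName -like "$dir\*") { $inLegitDir = $true }
    }
    $orig = $file.VersionInfo.OriginalFilename
    if (-not $inLegitDir -or $orig -ne 'svchost.exe') {
        $findings += "Suspicious svchost.exe: $($file.FullName) (OriginalFilename=$orig)"
    }
}

# 2. Autostart value and BHO registration removed by the Registry:: section.
$runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    $run = Get-ItemProperty -LiteralPath $runKey
    if ($run.PSObject.Properties['ApnUpdater']) {
        $findings += "Run value still present: ApnUpdater = $($run.ApnUpdater)"
    }
}
$bhoKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}'
if (Test-Path -LiteralPath $bhoKey) {
    $findings += "Toolbar BHO still registered: $bhoKey"
}

# 3. Folders listed under Folder:: in the CFScript (LiteralPath so the braces are not
#    treated as wildcard characters).
$folders = @(
    'C:\ab48433134b45195adbb05d7',
    'C:\ProgramData\100',
    'C:\Program Files (x86)\BFlix',
    'C:\Users\Reboot Remedy\AppData\Local\Babylon',
    'C:\Users\Reboot Remedy\AppData\Roaming\Babylon',
    'C:\ProgramData\Babylon',
    'C:\ProgramData\InstallMate',
    'C:\Users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}'
)
foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder) { $findings += "Folder still present: $folder" }
}

if ($findings.Count -eq 0) {
    Write-Output 'All items targeted by the CFScript are gone.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Any line it prints is something the CFScript was meant to remove and a reason to post a fresh ComboFix log rather than assume the machine is clean.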
 
It seems to be working ok, you've been incredibly helpful. Thank you so much.

Here is the last Combofix Log:

ComboFix 12-03-17.01 - Reboot Remedy 03/19/2012 16:13:27.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1159 [GMT -5:00]
Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
Command switches used :: c:\users\Reboot Remedy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ab48433134b45195adbb05d7
c:\ab48433134b45195adbb05d7\$shtdwn$.req
c:\ab48433134b45195adbb05d7\1025\eula.rtf
c:\ab48433134b45195adbb05d7\1025\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1025\SetupResources.dll
c:\ab48433134b45195adbb05d7\1028\eula.rtf
c:\ab48433134b45195adbb05d7\1028\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1028\SetupResources.dll
c:\ab48433134b45195adbb05d7\1029\eula.rtf
c:\ab48433134b45195adbb05d7\1029\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1029\SetupResources.dll
c:\ab48433134b45195adbb05d7\1030\eula.rtf
c:\ab48433134b45195adbb05d7\1030\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1030\SetupResources.dll
c:\ab48433134b45195adbb05d7\1031\eula.rtf
c:\ab48433134b45195adbb05d7\1031\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1031\SetupResources.dll
c:\ab48433134b45195adbb05d7\1032\eula.rtf
c:\ab48433134b45195adbb05d7\1032\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1032\SetupResources.dll
c:\ab48433134b45195adbb05d7\1033\eula.rtf
c:\ab48433134b45195adbb05d7\1033\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1033\SetupResources.dll
c:\ab48433134b45195adbb05d7\1035\eula.rtf
c:\ab48433134b45195adbb05d7\1035\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1035\SetupResources.dll
c:\ab48433134b45195adbb05d7\1036\eula.rtf
c:\ab48433134b45195adbb05d7\1036\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1036\SetupResources.dll
c:\ab48433134b45195adbb05d7\1037\eula.rtf
c:\ab48433134b45195adbb05d7\1037\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1037\SetupResources.dll
c:\ab48433134b45195adbb05d7\1038\eula.rtf
c:\ab48433134b45195adbb05d7\1038\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1038\SetupResources.dll
c:\ab48433134b45195adbb05d7\1040\eula.rtf
c:\ab48433134b45195adbb05d7\1040\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1040\SetupResources.dll
c:\ab48433134b45195adbb05d7\1041\eula.rtf
c:\ab48433134b45195adbb05d7\1041\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1041\SetupResources.dll
c:\ab48433134b45195adbb05d7\1042\eula.rtf
c:\ab48433134b45195adbb05d7\1042\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1042\SetupResources.dll
c:\ab48433134b45195adbb05d7\1043\eula.rtf
c:\ab48433134b45195adbb05d7\1043\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1043\SetupResources.dll
c:\ab48433134b45195adbb05d7\1044\eula.rtf
c:\ab48433134b45195adbb05d7\1044\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1044\SetupResources.dll
c:\ab48433134b45195adbb05d7\1045\eula.rtf
c:\ab48433134b45195adbb05d7\1045\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1045\SetupResources.dll
c:\ab48433134b45195adbb05d7\1046\eula.rtf
c:\ab48433134b45195adbb05d7\1046\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1046\SetupResources.dll
c:\ab48433134b45195adbb05d7\1049\eula.rtf
c:\ab48433134b45195adbb05d7\1049\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1049\SetupResources.dll
c:\ab48433134b45195adbb05d7\1053\eula.rtf
c:\ab48433134b45195adbb05d7\1053\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1053\SetupResources.dll
c:\ab48433134b45195adbb05d7\1055\eula.rtf
c:\ab48433134b45195adbb05d7\1055\LocalizedData.xml
c:\ab48433134b45195adbb05d7\1055\SetupResources.dll
c:\ab48433134b45195adbb05d7\2052\eula.rtf
c:\ab48433134b45195adbb05d7\2052\LocalizedData.xml
c:\ab48433134b45195adbb05d7\2052\SetupResources.dll
c:\ab48433134b45195adbb05d7\2070\eula.rtf
c:\ab48433134b45195adbb05d7\2070\LocalizedData.xml
c:\ab48433134b45195adbb05d7\2070\SetupResources.dll
c:\ab48433134b45195adbb05d7\3076\eula.rtf
c:\ab48433134b45195adbb05d7\3076\LocalizedData.xml
c:\ab48433134b45195adbb05d7\3076\SetupResources.dll
c:\ab48433134b45195adbb05d7\3082\eula.rtf
c:\ab48433134b45195adbb05d7\3082\LocalizedData.xml
c:\ab48433134b45195adbb05d7\3082\SetupResources.dll
c:\ab48433134b45195adbb05d7\DHtmlHeader.html
c:\ab48433134b45195adbb05d7\Graphics\Print.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate1.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate2.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate3.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate4.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate5.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate6.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate7.ico
c:\ab48433134b45195adbb05d7\Graphics\Rotate8.ico
c:\ab48433134b45195adbb05d7\Graphics\Save.ico
c:\ab48433134b45195adbb05d7\Graphics\Setup.ico
c:\ab48433134b45195adbb05d7\Graphics\stop.ico
c:\ab48433134b45195adbb05d7\Graphics\SysReqMet.ico
c:\ab48433134b45195adbb05d7\Graphics\SysReqNotMet.ico
c:\ab48433134b45195adbb05d7\Graphics\warn.ico
c:\ab48433134b45195adbb05d7\header.bmp
c:\ab48433134b45195adbb05d7\NDP40-KB2633870.msp
c:\ab48433134b45195adbb05d7\ParameterInfo.xml
c:\ab48433134b45195adbb05d7\Setup.exe
c:\ab48433134b45195adbb05d7\SetupEngine.dll
c:\ab48433134b45195adbb05d7\SetupUi.dll
c:\ab48433134b45195adbb05d7\SetupUi.xsd
c:\ab48433134b45195adbb05d7\SetupUtility.exe
c:\ab48433134b45195adbb05d7\SplashScreen.bmp
c:\ab48433134b45195adbb05d7\sqmapi.dll
c:\ab48433134b45195adbb05d7\Strings.xml
c:\ab48433134b45195adbb05d7\UiInfo.xml
c:\ab48433134b45195adbb05d7\watermark.bmp
c:\program files (x86)\BFlix
c:\program files (x86)\BFlix\bflix.crx
c:\programdata\Babylon
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120217085925.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
c:\users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
c:\users\Reboot Remedy\AppData\Local\Babylon
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Reboot Remedy\AppData\Roaming\Babylon
c:\users\Reboot Remedy\AppData\Roaming\Babylon\log_file.txt
c:\windows\SysWow64\RENFFF4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 11:23 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 11:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-18 11:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-18 11:18 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 11:18 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 11:18 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 11:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 11:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 11:18 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-18 11:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 11:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 11:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 11:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-18 09:31 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-18 08:01 . 2012-03-18 08:01 -------- d-----w- c:\program files (x86)\ESET
2012-03-18 07:58 . 2012-03-18 07:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-18 07:57 . 2011-03-20 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-18 07:56 . 2012-03-18 07:56 -------- d-----w- c:\program files (x86)\Java
2012-03-18 07:50 . 2012-03-18 07:50 -------- d-----w- c:\windows\system32\appmgmt
2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
2012-03-15 17:03 . 2012-03-15 17:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\svchost.exe ---
Company: Microsoft Corporation
File Description: winrscmde
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: winrscmde.exe
File size: 20480
Created time: 2012-03-18 09:31
Modified time: 2009-07-14 01:14
MD5: 2CEFF13ACE25A40BD8D97654944297CD
SHA1: D839453DD53E2E1970ACE260DDD60597CA04E357
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_04.18.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-16 17:33 . 2012-03-19 20:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-16 17:33 . 2012-03-16 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-15 17:03 . 2012-03-19 21:09 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-03-15 17:03 . 2012-03-16 17:24 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-21 23:24 . 2012-03-19 20:29 40422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-19 20:29 42928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-02 15:42 . 2012-03-19 20:29 13692 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
+ 2012-03-15 19:00 . 2012-03-18 09:47 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2012-03-15 19:00 . 2012-03-17 05:51 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-19 20:37 88248 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-14 19:35 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-02-24 19:37 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 19:37 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-27 00:17 . 2012-03-19 20:04 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-05 21:02 . 2012-03-19 21:09 491520 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-03-05 21:02 . 2012-03-19 21:09 245760 c:\windows\Temp\Cookies\index.dat
+ 2012-03-18 07:57 . 2012-03-18 07:57 157472 c:\windows\SysWOW64\javaws.exe
- 2011-03-20 00:32 . 2011-03-20 00:31 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-18 07:57 . 2012-03-18 07:57 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-18 07:57 . 2012-03-18 07:56 149280 c:\windows\SysWOW64\java.exe
+ 2011-02-25 21:58 . 2012-03-19 19:51 282618 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:45 . 2011-12-16 20:29 465656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-03-19 20:25 465656 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:38 . 2012-03-17 17:37 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-03-18 14:01 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2011-06-30 09:20 . 2012-03-18 03:54 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-06-30 09:20 . 2012-03-19 20:40 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-24 19:37 . 2012-03-18 04:21 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-24 19:37 . 2012-02-16 13:45 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-17 15:35 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-19 20:23 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-18 07:58 . 2012-03-18 07:58 207360 c:\windows\Installer\b909f5.msi
+ 2012-03-18 07:55 . 2012-03-18 07:55 907264 c:\windows\Installer\b909f0.msi
+ 2011-02-27 00:17 . 2012-03-19 20:04 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-03-05 21:02 . 2012-03-19 21:09 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-03-19 20:34 5988437 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-17 14:54 5988437 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-01 04:55 . 2012-03-01 04:55 3462656 c:\windows\Installer\9b972.msp
+ 2011-02-27 00:17 . 2012-03-19 20:04 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-02-27 00:17 . 2012-03-17 15:19 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-27 00:17 . 2012-03-19 20:04 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2012-03-18 11:23 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
- 2009-07-14 02:34 . 2012-03-16 19:56 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-19 20:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-03-18 11:23 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\b90776.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"freeklogger.exe"="c:\program files (x86)\FK_Monitor\freeklogger.exe" [2011-10-13 794624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-19 16:38:28
ComboFix-quarantined-files.txt 2012-03-19 21:38
ComboFix2.txt 2012-03-18 04:51
ComboFix3.txt 2012-03-18 04:25
.
Pre-Run: 192,624,214,016 bytes free
Post-Run: 192,626,466,816 bytes free
.
- - End Of File - - 17FBF78A5742D1AE65488DC95F5ADC25
 
You're welcome! Hope you were able to access your homework and get it in.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
Folder::
c:\windows\system32\config\systemprofile\AppData\Local\temp
c:\users\DefaultAppPool\AppData\Local\temp
c:\users\Default\AppData\Local\temp
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
=============================================
The following should be gone, but let's make sure:

Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
Please use Add/Remove Programs to uninstall any Ask entries. Also look for Avery Toolbar and Babylon Toolbar and remove them if found.
For any uninstalled programs: use Windows Explorer (right click on Start> Explore) to access Computer> Local Drive (C:)> Programs> find the program folder for each and do a right click> Delete
Is everything in order now: no hidden icons, desktop and Task Manager okay, Start Menu in order?
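As an added check that is not part of the original thread or of ComboFix, OTMoveIt or DDS: a read-only PowerShell audit of the registry policies, autorun value, BHO registration and toolbar files that the CFScript above removes, so the "is everything in order" question can be answered without re-running ComboFix. It assumes a 64-bit Windows 7 host and an elevated prompt; the mapping of the DDS `dPolicies-system` line to the HKU\.DEFAULT hive is an assumption, and every other key, value name and path is taken from the logs in this thread.

```powershell
# Added example (not from the original thread): read-only audit of the
# locations the helper's CFScript targets. Nothing is changed; findings are
# returned so the output can be pasted into a reply.

function Get-RegValueOrNull {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Invoke-CleanupAudit {
    $findings = @()

    # Policy values the FakeHDD infection set to 1 (from the DDS lines in the
    # CFScript). mPolicies = HKLM; dPolicies = default-user hive (assumption).
    $policyChecks = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoActiveDesktop' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoActiveDesktopChanges' },
        @{ Key = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' }
    )
    foreach ($c in $policyChecks) {
        $v = Get-RegValueOrNull -Key $c.Key -Name $c.Name
        if ($null -ne $v -and [int]$v -eq 1) {
            $findings += "Policy still set: $($c.Key)\$($c.Name) = $v"
        }
    }

    # Ask updater autorun (mRun-x64: [ApnUpdater] in the DDS log).
    $runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    $apn = Get-RegValueOrNull -Key $runKey -Name 'ApnUpdater'
    if ($apn) { $findings += "Ask updater autorun still present: $runKey\ApnUpdater = $apn" }

    # Avery/Ask toolbar BHO registration (CLSID from the BHO-X64 line).
    $bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}'
    if (Test-Path -LiteralPath $bho) { $findings += "Toolbar BHO registration still present: $bho" }

    # Toolbar binaries listed under 'Other Deletions' in the follow-up ComboFix log.
    $files = @(
        'C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll',
        'C:\Program Files (x86)\Ask.com\Updater\Updater.exe'
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings += "Toolbar file still on disk: $f" }
    }

    return $findings
}

$result = Invoke-CleanupAudit
if ($result.Count -eq 0) {
    Write-Output 'No leftover policy hijacks or Ask/Avery toolbar entries found.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```

A clean run prints the single "No leftover..." line; any FINDING line points at the exact key, value or file that still needs attention.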
 
Hi Bobbye,

Here are the two latest logs:

ComboFix 12-03-17.01 - Reboot Remedy 03/26/2012 18:09:08.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1122 [GMT -5:00]
Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
Command switches used :: c:\users\Reboot Remedy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\users\Default\AppData\Local\temp
c:\users\DefaultAppPool\AppData\Local\temp
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Local\temp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-19 22:29 . 2012-03-19 22:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-18 11:23 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 11:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-18 11:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-18 11:18 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 11:18 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 11:18 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 11:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 11:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 11:18 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-18 11:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 11:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 11:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 11:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-18 08:01 . 2012-03-18 08:01 -------- d-----w- c:\program files (x86)\ESET
2012-03-18 07:57 . 2011-03-20 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-18 07:56 . 2012-03-18 07:56 -------- d-----w- c:\program files (x86)\Java
2012-03-18 07:50 . 2012-03-18 07:50 -------- d-----w- c:\windows\system32\appmgmt
2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
2012-03-15 17:03 . 2012-03-25 16:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-19_21.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-16 17:33 . 2012-03-25 14:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-16 17:33 . 2012-03-19 20:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-15 17:03 . 2012-03-26 23:06 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-03-15 17:03 . 2012-03-19 21:09 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-21 23:24 . 2012-03-26 21:25 41868 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-26 21:25 42976 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-02 15:42 . 2012-03-26 21:25 13880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
- 2012-03-15 19:00 . 2012-03-18 09:47 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-15 19:00 . 2012-03-25 17:44 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-02-24 19:37 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-22 23:41 89288 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-14 19:35 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-26 21:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-14 19:35 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-03-14 19:35 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-02-24 19:37 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-24 19:37 . 2012-03-26 21:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-24 19:37 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 23:26 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 23:26 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 21:22 . 2012-03-26 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-26 21:22 . 2012-03-26 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-05 21:02 . 2012-03-26 23:06 557056 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-03-05 21:02 . 2012-03-26 23:06 262144 c:\windows\Temp\Cookies\index.dat
+ 2011-02-25 21:58 . 2012-03-22 23:34 282922 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:31 . 2011-08-01 12:57 399360 c:\windows\system32\DriverStore\drvindex(13).dat
+ 2009-07-14 05:38 . 2012-03-26 21:45 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-03-18 14:01 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-03-19 20:23 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-26 21:21 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-05 21:02 . 2012-03-19 21:09 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-05 21:02 . 2012-03-26 23:06 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-03-19 20:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-25 17:04 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0233821332801047mcinstcleanup;McAfee Application Installer Cleanup (0233821332801047);c:\windows\TEMP\023382~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
- c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-26 18:17:20
ComboFix-quarantined-files.txt 2012-03-26 23:17
ComboFix2.txt 2012-03-26 19:15
ComboFix3.txt 2012-03-19 21:38
ComboFix4.txt 2012-03-18 04:51
ComboFix5.txt 2012-03-26 23:04
.
Pre-Run: 196,672,311,296 bytes free
Post-Run: 196,513,304,576 bytes free
.
- - End Of File - - 1D1D44395A486A9A0FFF6B06BA09B4E8





All processes killed
========== FILES ==========
File/Folder C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Reboot Remedy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3281360710 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15914152 bytes
->Flash cache emptied: 142204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49215127 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,192.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03262012_181908

Files moved on Reboot...
C:\Users\Reboot Remedy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\28569-15[1].htm not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\28569-9[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\adsPage[1].php moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\beacon[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\ddc[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\default;pos=11;tile=4;sz=300x250;ord=9543548031[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\fpi[1].htm not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\hbpix[1].gif not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\meta[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\results[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\adaptvAdPlayer[1].js not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\doubleclick[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\DroidSans-webfont[1].eot moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\emily[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\emily[2].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\League_Gothic-webfont[1].eot moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\aceUACping[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\doubleclick[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\swfobject-33adea91ad4aad136036772546746d49[1].js moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\1644777953@x71[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\28571-15[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\8053816736[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\@x94[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\clk[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\img[3].fetch moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\PortalServe[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\sea-of-fire[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\search_eclickz_com[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\st[1] moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\st[2] moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\topscript.js[1].php moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\tr-pbm[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\tv-quotes[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\yellow-pages[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\11945689a-f17d-41c0-9a3b-bdf24ce68ccd@x90[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\28569-15[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\aceUACping[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\ae_12232010[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\afr[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\afr[2].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\categoryframe[1].htm not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\celebritybabycraze_btf[1].txt not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\data_sync[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\default;pos=1;tile=1;sz=728x90;ord=933711826[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\default;pos=3;tile=4;sz=160x600;ord=933711826[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\fastbutton[1].txt not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\getadi[1].txt not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\getjs[3].aspx not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\gzfwcqwgbj-gi-joe-the-rise-of-cobra[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\likebox[1].php moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\like[1].php not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\misc;pos=160a;exp=0;adnt=1;tile=4;sz=160x600;ord=2471475757599339[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\misc;pos=728b;exp=0;adnt=1;dcopt=ist;tile=4;sz=728x90;ord=5589365395766991[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\mpphygynrx-family-matters[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\p-5aWVS_roA1dVM[1].gif moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\passback.c.r[1].php moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\smartmomstyle_btf[1].txt not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\victoria-beckham-peter-wolf-book-bono[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\411answers_com[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\post-widget[1].js moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\search[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\tweet_button.1332442903[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\11636956296@x23[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\20120326232609[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\2312[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\28569-9[2].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\ad[1] moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[1].htm moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[2].htm not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[3].htm not found!
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[4].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\ci[2].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\default;pos=3;tile=2;sz=160x600;ord=933711826[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\dppix[2].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\dref=http%253A%252F%252Fsearch.eclickz.com%252F%253Faffiliate%253Dhouse%2526ref%253Dhttp%25253A%25252F%25252Fsearch.eclickz[1].com%2526Terms%253DStocks moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\freq[2].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\iframe3[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\iframe3[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\if[1].txt moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\img[1].fetch moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\img[3].fetch moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\like[2].php not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\p-01-0VIaSjnOLg[1].gif moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\p-01-0VIaSjnOLg[2].gif not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\Pug[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\Salmon[1].css moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\syncuppixels[1].html moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\tr-clk[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\v=5%3Bm=3%3Bl=33451%3Bc=218712%3Bb=1303981%3Bts=20120326192657%3Bdct=;ord=1332804417[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PV1DQ3E\audience-science[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PV1DQ3E\emily[1].html moved successfully.
C:\Windows\temp\flaE910.tmp moved successfully.
File C:\Windows\temp\mcafee_DPoDIkwRcC1pZpC not found!

Registry entries deleted on Reboot...
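The OTL [EMPTYTEMP] and OTM output above is normally read by eye. The following is an added example, not part of the original post and not code from OldTimer's tools: it parses excerpts of those two sections (copied from the post and embedded inline, the OTM part shortened to five lines), sums the per-user byte counts, checks the sum against the "Total Files Cleaned = 3,192.00 mb" line, and separates OTM's "moved successfully" entries from its "not found!" ones. The scope name "system" for the per-machine lines after the last "User:" block is this example's own label, not OTL's.

```python
import re
from collections import defaultdict

# Excerpt of the OTL [EMPTYTEMP] section from the post above (raw string, so the
# backslashes in %systemroot% paths are literal).
OTL_EMPTYTEMP = r"""
User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Reboot Remedy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3281360710 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15914152 bytes
->Flash cache emptied: 142204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49215127 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,192.00 mb
"""

# Five lines excerpted from the OTM "Files moved on Reboot..." section above.
OTM_EXCERPT = r"""
C:\Users\Reboot Remedy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\28569-15[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\adsPage[1].php moved successfully.
File C:\Windows\temp\mcafee_DPoDIkwRcC1pZpC not found!
C:\Windows\temp\flaE910.tmp moved successfully.
"""

SIZE_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d,]+\.\d+) mb$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File (?P<path>.+) not found!$")


def parse_emptytemp(text):
    """Return {scope: bytes}; scope is the user name, or "system" (this example's
    label) for the per-machine lines that follow the last "User:" block."""
    totals = defaultdict(int)
    scope = "system"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            scope = "system"          # a blank line closes the current user block
            continue
        if (m := USER_RE.match(line)):
            scope = m.group("user")
        elif (m := SIZE_RE.match(line)):
            totals[scope] += int(m.group("bytes"))
    return dict(totals)


def total_bytes(text):
    return sum(parse_emptytemp(text).values())


def reported_total_mb(text):
    """The total OTL itself printed, as a float (None if the line is absent)."""
    for line in text.splitlines():
        if (m := TOTAL_RE.match(line.rstrip())):
            return float(m.group("mb").replace(",", ""))
    return None


def check_total(text):
    """(computed MiB to 2 places, reported MB, whether they agree to the whole MB)."""
    computed = total_bytes(text) / (1024 * 1024)
    reported = reported_total_mb(text)
    return round(computed, 2), reported, round(computed) == round(reported)


def parse_otm(text):
    """Split OTM output into (moved paths, not-found paths)."""
    moved, not_found = [], []
    for line in text.splitlines():
        line = line.rstrip()
        if (m := MOVED_RE.match(line)):
            moved.append(m.group("path"))
        elif (m := NOT_FOUND_RE.match(line)):
            not_found.append(m.group("path"))
    return moved, not_found
```

Running `check_total(OTL_EMPTYTEMP)` gives 3191.75 MiB computed against the 3,192.00 printed, so OTL's figure is the byte sum rounded to a whole mebibyte; `parse_emptytemp` also shows that almost all of it (3,297,417,066 bytes) sat in one user's Temporary Internet Files, which is the kind of thing worth noticing before attributing the slowdown to the infection alone.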
 